-
## Paste the link of the GitHub organisation below and submit
https://github.com/w3c
---
###### Please subscribe to this thread to get notified when a new repository is created
-
Given the prevalence of content negotiation schemes like https://www.igvita.com/2013/05/01/deploying-webp-via-accept-content-negotiation/, I worry a bit about the current MIME type syntax for integrit…
-
Can someone provide me any examples about https://w3c.github.io/webappsec-csp/#exfiltration?
I am still not clear about how exfiltration would occur which contents of the request, such as the URL, co…
-
We are adding mediasession policy in https://github.com/w3c/mediasession/pull/299.
@chrisn suggested to add it to https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
-
Starting from https://webcompat.com/issues/new?label=type-google (HTTPS) and being logged in to the site using my GitHub account, I see a "Report as foolip" button alongside the "Report Anonymously" b…
-
Hey folks!
We have a few slots for various incubations to discuss things in-person during TPAC 2024 in Anaheim.
If you'd like to discuss yours, please chime in below with: incubation, required t…
-
See https://github.com/whatwg/html/issues/1440#issuecomment-299275463.
The interesting case here is a toplevel navigation which is triggered by browser chrome, for example through typing a URL in t…
-
```
HTTP splitting attack in WebGoat is demonstrated on a code, which is actually
not vulnerable to HTTP splitting itself (at least not in common today's
browsers). This makes it confusing to the st…
-
Ok ok, hear me out.
I'm assuming we're allowing developers to block `document.write` because injecting into the browser's streaming parser is a slow path, and can break things like look-ahead parsi…
-
I think this document misses a key point in the use cases of keygen, its possible replacements, and its relation to other protocols. I hate to get into 'angels on the head of a pin' territory about '…